Admin and Authentication
Visibility: this page is intentionally Admin-only.
The admin and authentication features cover local sign-in, role-based access control, provider management, audit visibility, and operational settings.
Access Model
[!NOTE] Screenshot placeholder [FEAT-ADMIN-01]:
/admin/setupfirst-admin bootstrap page.
What It Does
- Provides first-admin bootstrap through
/admin/setup. - Supports local login plus the currently wired external-provider flow at
/loginand/profile. - Enforces role-based access for UI, API, and MCP actions.
- Exposes admin controls for users, providers, settings, audit, and history.
Why It Matters
MemorySmith needs local-first convenience without losing governance. Admin and auth controls protect write paths, diagnostics, and sensitive operations.
Key Capabilities
- Roles: Viewer, Editor, Admin.
- Local password authentication, GitHub external sign-in, and provider administration.
- Admin-only views for settings, audit, and change history.
- Compatibility path for first-run local editing before first admin exists.
Current Operator Notes
/adminConfiguration edits allowlisted scalar and list settings throughAdminSettingsService. Sensitive values stay write-only, showConfiguredorNot configured, and provide an explicitClear secretaction rather than echoing stored secrets.- The Admin Configuration workbench now surfaces category-jump buttons, visible dirty counts, a changed-only filter, and responsive labeled rows so operators can narrow to the setting they are editing before save or reset, instead of scanning one long settings table.
- The Admin Users view now defaults to masked user IDs and contact fields, keeps reveal/copy controls available when operators need them, and switches to labeled stacked rows on narrow screens so account metadata does not dominate the layout.
/adminkeeps the active admin section visible outside the scrollable tab strip and renders Audit/History rows as labeled stacked cells on narrow screens so operators can still scan targets, artifacts, and copy actions without decoding a dense desktop table.- Admin audit and history views are the operator surface for auth and mutation evidence. Persisted entries carry request IDs and privacy-reviewed request metadata hashes without storing raw IP or user-agent values.
- GitHub external-auth callbacks now use the same durable evidence contract as local password sign-in: successful callbacks write
auth.login.succeededplus login history, and callback failures writeauth.login.failedplus a failure login-history row before redirecting back to/loginor/profile. - External provider runtime is partial today: GitHub is wired into the startup auth pipeline. Google and Microsoft can still be preconfigured for future use, but
/adminmarks themUnsupportedand/loginplus/profiledo not treat them as active sign-in methods until matching auth handlers are registered.
[!NOTE] Screenshot placeholder [FEAT-ADMIN-02]:
/adminsettings and role-management surface. [!NOTE] Screenshot placeholder [FEAT-ADMIN-03]:/loginwith provider/local auth options. [!NOTE] Screenshot placeholder [FEAT-ADMIN-04]: audit/history visibility in admin workflows.
Related Pages
Screenshot Backlog Template
- [ ] FEAT-ADMIN-01 admin setup bootstrap
- [ ] FEAT-ADMIN-02 admin settings and role management
- [ ] FEAT-ADMIN-03 login and auth options
- [ ] FEAT-ADMIN-04 audit/history admin view